Author: Admin

Managed by the team behind Tines, the orchestration, AI and automation platform, the Tines library contains pre-built workflows used by real security professionals from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their twice-yearly “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their users, many of which demonstrate the practical application of large language models (LLMs) to solve complex problems in security operations. One recent winner is a workflow designed to automate CrowdStrike RFM reports. Developed by Tom Power, a security analyst at the University of…

December 13, 2024Hacker newsIoT Security / Operational Technology Iran-linked threat actors have been linked to new custom malware targeting IoT and operational technology (OT) environments in Israel and the US. The malware received a code name IOCONTROL from cybersecurity company OT Claroty, highlighting its ability to attack IoT and SCADA devices such as IP cameras, routers, programmable logic controllers (PLCs), human machine interfaces (HMIs), firewalls, and other Linux-based based on IoT/OT platforms. “Although the malware is believed to be custom-built by the threat actor, it appears that the malware is generic enough to run on different platforms from different vendors…

December 13, 2024Ravi LakshmananLinux / threat analysis Cyber ​​security researchers have discovered a new Linux rootkit called SORRY which comes with capabilities to elevate privileges, hide files and directories, and hide itself from system tools while avoiding detection. “PUMAKIT is a sophisticated Loaded Kernel Module (LKM) rootkit that uses sophisticated stealth mechanisms to hide its presence and communicate with command-and-control servers,” Elastic Security Lab researchers Remka Spruten and Ruben Groenewood said in a technical report published on Thursday. Analysis of the company is coming from artifacts uploaded to malware scanning platform VirusTotal earlier this September. The interior of the malware…

The US Department of Justice (DoJ) on Thursday announced the takedown of an illegal marketplace called Rydox (“rydox.ru” and “rydox(.)cc”) that sold stolen personal information, access devices and other tools for cybercrime and fraud. Three Kosovo nationals who administered the service, Ardit Kutlesi, Jetmir Kutlesi and Shpend Sakoli, were also arrested. Ardit Kutlesi and Jetmir Kutlesi are expected to be extradited to the US, while Sakoli, who was detained on December 12, 2024, will be charged and prosecuted in Albania. “Rydox Marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, generating at least…

December 12, 2024Ravi LakshmananMobile Security / Cyber ​​Espionage A Russian-linked state-sponsored threat tracked as Gamaredon has been attributed to two new Android spyware called BoneSpy and PlainGnomefor the first time, an adversary was found to be using a mobile-only malware family in its attacks. “BoneSpy and PlainGnome Target Former Soviet Countries and Focus on Russian-Speaking Victims.” — Lookout said in the analysis. “Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone conversation audio, photos from device cameras, device location, and contact lists.” Hammeredonalso known as Aqua Blizzard, Armageddon, BlueAlpha, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident…

December 12, 2024Ravi LakshmananVulnerability / Cloud Security Cyber ​​security researchers have warned that thousands of servers hosting the Prometheus suite of monitoring and alerting tools are at risk of information leakage and exposure to denial of service (DoS) and remote code execution (RCE) attacks. “Prometheus servers or exportersoften without proper authentication, allowed attackers to easily collect sensitive information such as credentials and API keys,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News. The cloud security company also said the disclosure Endpoints “/debug/pprof”. used to determine heap memory usage, CPU usage,…

December 12, 2024Ravi LakshmananDevice Vulnerability / Security Details have emerged of a patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could bypass transparency, consent and controls (TCC) and lead to unauthorized access to confidential information. Drawback tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, for Apple, and was resolved with improved symlink (symlink) checking in iOS 18, iPadOS 18and macOS Sequoia 15. Jamf Threat Labs, which discovered and reported the flaw, said the TCC bypass could be used by a rogue installed on the system to obtain sensitive data without users’ knowledge. TCC…

December 12, 2024Ravi LakshmananWebsite Security / Vulnerability Attackers are exploiting a critical vulnerability in the Companion plugin for WordPress to install other vulnerable plugins that can open the door to various attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw poses a significant security risk as it allows attackers to install vulnerable or closed plugins that can then be used for attacks such as remote code execution (RCE), SQL injection, cross-site scripting (XSS), or even the creation of administrative backdoors,” WPScan said…

December 12, 2024Ravi LakshmananCybercrime / DDoS attack A global law enforcement operation disabled 27 stress services used to launch distributed DDoS attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, took down several downloader and stresser websites, including zdstresser.net, orbitalstress.net and starkstresser.net. These services typically use botnet malware installed on compromised devices to launch attacks on behalf of paying customers against targets they like. In addition, three administrators linked to the illegal platforms were arrested in France and Germany, with more than 300 users identified for…

December 11, 2024Ravi LakshmananCyber ​​espionage / Cyber ​​attack The alleged Chinese threat actor has been linked to a series of cyberattacks targeting prominent organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in a variety of sectors, including government ministries in two different countries, an air traffic control organization, a telecommunications company and the Symantec Threat Hunter Team’s media. said in a new report shared with The Hacker News. The attacks, which used tools previously identified as linked to China’s Advanced Persistent Threat Groups (APTs), are characterized by the use of both open source and…